-----------------------------------------------------------------v1.1-
modzero Security Advisory: SAMwin Contact Center Suite - Collisions in
Password Hashing Algorithm [MZ-13-07]
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Timeline
---------------------------------------------------------------------

* 2014-03-13: Advisory will be published.
* 2013-09-24: Vendor responded.
* 2013-09-20: Vendor has been contacted.

---------------------------------------------------------------------
2. Summary
---------------------------------------------------------------------

Vendor: Telecommunication Software GmbH
Products known to be affected: SAMwin Contact Center Suite 5.1, the
SAMwin Agent login mask shows version 5.01.19.06
Severity: High
Remote exploitable: Yes

The SAMwin Call Center Suite is a SIP-based call center solution, which
assists users with various features like call forwarding, skill based
routing, a real-time wallboard, reporting and supervisor monitoring. The
environment consists of at least one SAMwin Contact Center Suite Server
(SAMwin server) component, a backend SQL server and the SAMwin Contact
Center Suite Agent (SAMwinAgent). The SAMwin Manager web application is
used for the administration of the SAMwin server software.

The SAMwin server software does not use a cryptographically secure
algorithm to compute password hashes. The employed algorithm has
unfavorable statistical properties and is prone to collisions. Using a
small optimized set of candidate passwords, brute-forcing the web
application login of the SAMwin Manager is feasible.

---------------------------------------------------------------------
3. Details
---------------------------------------------------------------------

The SAMwin Manager web application is used to configure settings of the
SAMwin server.
It consists of a standard username and password HTML form and uses a
web based configuration panel. The client software named SAMwin Agent
includes a file called SAMwinLIBVB.dll, usually located under
C:\Program Files\contact center suite 5.1\Bin\. The file is written in
the C# language on top of the .NET software platform. The nature of the
.NET platform allows the use of a decompiler to generate C# source code
that is similar to the original source code of the library and
therefore simplifies the reverse engineering process.

The resulting source code of the SAMwinLIBVB.dll includes a class
Samwin.Lib.Crypting.SAMwin. This class includes a function
passwordScramble(), which is used to scramble a password. The function
requires a password string as argument and returns a value of type
integer, which is then stored in the database. Different passwords can
produce the same output value. Due to these collisions in the codomain
of passwordScramble(), several passwords are valid for the same account.

The code below is pseudo code of the function passwordScramble():

    int passwordScramble(string pwd)
    {
        int n = strlen(pwd);
        pwd = toupper(pwd);              // case is discarded before hashing
        int hashsum = 0;
        for (int i = 0; i < n; i++) {
            hashsum += (i + 1) * pwd[i]; // position-weighted sum of char codes
        }
        return hashsum;
    }

As a realistic scenario for the following statistical analysis of the
problem, modzero assumes passwords with lengths between 8 and 10
characters, which consist of upper and lower case letters, digits and
the following special characters:

    !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

If the edge cases of this algorithm are considered in this scenario, the
function passwordScramble() produces hash values between 1188 (for input
"!!!!!!!!") and 6930 (for input "~~~~~~~~~~"). The probability that a
certain hash value occurs is highly non-uniform, as shown in figure [0].
It roughly resembles a slightly skewed normal distribution centered
around 3700 with a standard deviation of about 450. 90% of all possible
password inputs will result in hash values between 3000 and 4500.
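The following Python is an added example, not code from the advisory or from the vendor: it re-implements the decompiled passwordScramble() logic, reproduces the value range and the concentration in [3000, 4500] for the scenario above, shows two distinct inputs that collide, and contrasts the scheme with a salted PBKDF2 check. The alphabet and the length weighting used for sampling are assumptions derived from the scenario text.

```python
import hashlib
import hmac
import os
import random
import string

# Alphabet assumed from the advisory's scenario: letters, digits and the
# 32 listed special characters (94 symbols in total).
ALPHABET = string.ascii_letters + string.digits + "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"

def password_scramble(pwd: str) -> int:
    """Re-implementation of the decompiled passwordScramble() logic."""
    total = 0
    for i, ch in enumerate(pwd.upper(), start=1):
        total += i * ord(ch)          # position-weighted sum of char codes
    return total

def hash_value_range(min_len: int = 8, max_len: int = 10) -> tuple:
    """Smallest and largest reachable values for the assumed alphabet."""
    lo = ord(min(ALPHABET.upper()))   # '!' == 33, shortest password
    hi = ord(max(ALPHABET.upper()))   # '~' == 126, longest password
    return (lo * min_len * (min_len + 1) // 2, hi * max_len * (max_len + 1) // 2)

def concentration(samples: int = 20000, seed: int = 1) -> float:
    """Fraction of random passwords whose value falls in [3000, 4500].
    Lengths are drawn in proportion to the number of passwords of each
    length (94**n), so 10-character passwords dominate as in figure [0]."""
    rng = random.Random(seed)
    lengths = [8, 9, 10]
    weights = [len(ALPHABET) ** n for n in lengths]
    inside = 0
    for _ in range(samples):
        n = rng.choices(lengths, weights)[0]
        pwd = "".join(rng.choice(ALPHABET) for _ in range(n))
        if 3000 <= password_scramble(pwd) <= 4500:
            inside += 1
    return inside / samples

# Hardened alternative for comparison (standard library only, not the
# vendor's fix): random salt, iterated PBKDF2, constant-time comparison.
def pbkdf2_hash(pwd: str, salt: bytes = None) -> tuple:
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pwd.encode(), salt, 200_000)
    return salt, digest

def pbkdf2_verify(pwd: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", pwd.encode(), salt, 200_000)
    return hmac.compare_digest(candidate, digest)
```

Because passwordScramble() discards case and only sums weighted character codes, "AB" and "CA" (65 + 2*66 == 67 + 2*65) map to the same integer, while the PBKDF2 variant distinguishes even "example" from "EXAMPLE".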
The odds that a randomly chosen password from the 5.44 * 10^19 possible
values will have the exact hash value 3700 are about 1:1138. An attacker
is able to exploit this statistical property to speed up a brute-force
attack: he constructs a list of password candidates with exactly one
password for every possible hash value. Optimally, he guesses candidates
from this list in order of descending probability. Figure [1] shows the
probability of him actually being successful when he is allowed to take
a certain number of guesses. When he is allowed to make 1500 guesses, he
will be successful with a probability of 90%. Using 3000 guesses, he
will be successful with a probability of 99.9%. And with 5743 guesses he
is able to cover the whole space of possible hash values and succeed
with certainty.

---------------------------------------------------------------------
4. Impact
---------------------------------------------------------------------

An attacker is able to gain access to the administrative console of the
SAMwin server and can reroute calls, change mailbox settings and do
other manipulations of the SAMwin server.

---------------------------------------------------------------------
5. Workaround
---------------------------------------------------------------------

It is recommended to limit the number of possible password tries for
all accounts.

---------------------------------------------------------------------
6. Fix
---------------------------------------------------------------------

According to the vendor, users of this software should upgrade to
version 6.2, which should be available in Q4 2013. The vendor will not
provide any fixes for previous versions.

---------------------------------------------------------------------
7. Credits
---------------------------------------------------------------------

* Tobias Ospelt (tobias@modzero.ch)
* Max Moser (mmo@modzero.ch)

---------------------------------------------------------------------
8. About modzero
---------------------------------------------------------------------

The independent Swiss company modzero AG assists clients with security
analysis in the complex areas of computer technology. The focus lies on
highly detailed technical analysis of concepts, software and hardware
components as well as the development of individual solutions.
Colleagues at modzero AG work exclusively in practical, highly technical
computer-security areas and can draw on decades of experience in
various platforms, system concepts, and designs.

http://modzero.ch
contact@modzero.ch

---------------------------------------------------------------------
9. Disclaimer
---------------------------------------------------------------------

The information in the advisory is believed to be accurate at the time
of publishing based on currently available information. Use of the
information constitutes acceptance for use in an AS IS condition. There
are no warranties with regard to this information. Neither the author
nor the publisher accepts any liability for any direct, indirect, or
consequential loss or damage arising from use of, or reliance on, this
information.

---------------------------------------------------------------------
10. References
---------------------------------------------------------------------

[0] http://www.modzero.ch/advisories/MZ-13-07-prob_of_hash_occurrence.png
[1] http://www.modzero.ch/advisories/MZ-13-07-prob_of_successful_bf.png